Proxy Mobile IPv6 Network-Based Mobility

Last Updated: December 19, 2012

Network-based mobility management enables IP mobility for a mobile node (MN) without requiring the MN to participate in any mobility-related signaling. IP mobility entities in the network are responsible for tracking the movements of the host or the MN and initiating the required mobility signaling on behalf of the host or the MN. Because the network is responsible for managing IP mobility on behalf of the MN, IP mobility is provided to any clientless MN, which is a node that does not run any mobile IP stack.

Leveraging Wi-Fi Access Technology for Wi-Fi Offload

Service providers (SPs) seek new ways to accommodate the surge in mobile data traffic and the variety of smart, portable devices coming onto their networks. As mobile devices proliferate, so do the opportunities to strengthen relationships with customers by delivering a superior subscriber or end-user experience.

Fixed and mobile operators are, therefore, looking at both licensed and unlicensed Wi-Fi technologies to meet the demand and to expand customer footprint. Trusted Wi-Fi hotspots can be integrated into the existing SP policy and accounting infrastructure, thereby allowing the SP to maintain subscriber accountability. At the same time, traffic from these trusted Wi-Fi hotspots can be integrated into the existing packet core of the SP by using the standard Proxy Mobile IPv6 (PMIPv6) S2a interface (PMIPv6-S2a) to provide IP mobility across Wi-Fi and 4G networks and enhance the subscriber experience.

Contrary to the Mobile IP approach, network-based mobility management enables IP mobility for an MN without requiring the MN to participate in any mobility-related signaling. The mobility entities in the network are responsible for tracking the movements of the host or the MN and initiating the required mobility signaling on the MN's behalf. Because the network is responsible for managing IP mobility on behalf of the mobile node, IP mobility is provided to any clientless MN, which is a node that does not run any mobile IP stack. This is the biggest advantage of PMIPv6 over other mobility technologies.

PMIPv6 is IP Version Agnostic

Both IPv4 and IPv6 protocols can be enabled over the same network infrastructure. The Cisco PMIPv6 implementation is address-family agnostic, and it is capable of supporting the following combinations:

Inter-AP Mobility: The Wi-Fi client can roam from one light-weight AP to another (for example, between AP 1 and AP 2), as long as these APs are connected to the same WLC. This move is completely transparent to the MAG.

Intra-MAG Mobility: The Wi-Fi client can move across light-weight APs that are attached to different WLCs (for example, between AP 2 and AP 3), across autonomous APs (for example, between AP 5 and AP 6), or across light-weight APs and autonomous APs, provided they are connected to the same MAG. The MAG takes appropriate actions to update the MN's binding locally and also performs PMIPv6 signaling with the LMA on behalf of the MN.

Inter-MAG Mobility: The Wi-Fi client can move across APs that are connected to different MAGs, for example, between AP 4 and AP 5. The MAG takes appropriate actions to create and maintain the MN's binding and also performs PMIPv6 signaling with the LMA on behalf of the MN.

SP Wi-Fi Mobility Deployment Scenarios

SPs providing wireline services, such as broadband, cable, Fiber to the x (FTTx) and so on, and wireless services, such as mobile network operator (MNO), mobile virtual network operator (MVNO) and so on, plan to roll out Wi-Fi services. Cisco supports various models for deploying service provider grade Wi-Fi. The following are some of the most popular deployment models.

Commonalities Across all Deployment Scenarios

All deployment models require that the MAC or hardware address of the Mobile Node (MN) is visible to the mobile access gateway (MAG). The Wi-Fi access network provides a Layer 2 connection from the MN to the MAG, thus allowing the MAG to know the MAC address of the MN.

The MAG is a function on an access router that manages mobility-related signaling for the MN attached to its access link. The MAG also acts as a proxy DHCP server for the MN and assigns IP addresses based on the PMIPv6 signaling between the MAG and the LMA.

These deployment models allow service providers to reuse their existing subscriber credential database, Policy and Charging Rules Function (PCRF), Online Charging System (OCS), offline billing infrastructure and so on, by integrating all these functions with the northbound interfaces of the LMA.

In all deployment models, we recommend that you use any one or a combination of the Extensible Authentication Protocol (EAP) methods, such as EAP-SIM, EAP-AKA, or EAP-TTLS, or PEAP encapsulation, as the mode of authentication for mobile subscribers; however, a combination of web-authentication and transparent auto-logon is also used in conjunction with EAP to support non-EAP capable MNs.

Scenario 1: Wi-Fi Access Aggregation with a Standalone LMA

This deployment scenario is also known as "standalone", because there is no requirement to integrate the LMA with the Evolved Packet Core (EPC). The following figure shows how subscriber traffic from a Wi-Fi access network is integrated into a standalone LMA acting as the anchor point for the subscribers.

Figure 2: Wi-Fi Access Aggregation with a Standalone LMA

In this model, PMIPv6 facilitates IP mobility to a clientless MN when the clientless MN roams across a Wi-Fi access network.

Scenario 2: Wi-Fi Access Aggregation with the EPC

The following figure illustrates how the subscriber traffic from a Wi-Fi access network is integrated into an LMA which is colocated with a Packet Gateway (PGW) or an EPC. The trusted Wi-Fi traffic is integrated into the EPC via a standard PMIPv6-S2a interface; the Wi-Fi traffic is deemed trusted if both the access network and the core network are part of the SP network.

Figure 3: Wi-Fi Access Aggregation with EPC

In this model, PMIPv6 facilitates IP mobility to a clientless MN not only while roaming across Wi-Fi access networks, but also while roaming across Wi-Fi and the fourth generation (4G)/Long Term Evolution (LTE) infrastructure because the subscriber session is anchored to the PGW or EPC.

Scenario 3: Wi-Fi Access Aggregation with Multiple Mobile Operators

This deployment model, illustrated in the following figure, is an extension of Scenario 2 and was conceived for deploying Wi-Fi access as a Layer 2 wholesale service. Layer 2 wholesale allows a wireline or a wireless service provider who deploys a Wi-Fi access network to partner with retail service providers, mobile network operators (MNOs), or mobile virtual network operators (MVNOs) for use of their Wi-Fi infrastructure. The retail SP, MNO, or MVNO has a direct business relationship, such as accounting, billing, policy and so on, with the end subscribers while having a service-level agreement with the Wi-Fi wholesale access provider.

Figure 4: Wi-Fi Access Aggregation with Multiple Mobile Operators

The subscriber traffic from wholesale Wi-Fi access networks is integrated into the respective MNO's LMA or MVNO's LMA, which is colocated with a Packet Gateway (PGW) or an Evolved Packet Core (EPC). The authentication, authorization, and accounting (AAA) server directs the MAG to integrate the subscriber's Wi-Fi traffic into a specific LMA based on the subscriber's credentials such as Network Access Identifier (NAI), International Mobile Subscriber Identity (IMSI), Mobile Subscriber ISDN Number (MSISDN) and so on.

In this model, PMIPv6 facilitates IP mobility to a clientless MN not only when roaming across Wi-Fi access networks, but also when roaming across Wi-Fi and fourth generation (4G)/Long Term Evolution (LTE) infrastructure, because the subscriber session is anchored at the PGW or EPC.

Scenario 4: Residential and Community Wi-Fi Deployment

The Residential and Community Wi-Fi deployment model shows how residential and community Wi-Fi subscriber traffic is integrated into an LMA. The LMA either functions as a standalone entity or is colocated with a PGW or EPC. The MAG functionality is enabled on every residential or home gateway router (for example, Cisco Integrated Service Routers [ISR]), thus tunneling all the residential subscriber traffic to the LMA via the PMIPv6 tunnel. The per-subscriber policy enforcement, quality of service (QoS), accounting and so on, are expected to occur in the LMA. The following figure illustrates the Residential and Community Wi-Fi deployment model:

Figure 5: Residential and Community Wi-Fi Deployment

Similar to other deployment models, the trusted Wi-Fi traffic is integrated into the EPC via the standard PMIPv6-S2a interface. PMIPv6 facilitates IP mobility to a clientless MN not only when roaming across residential and community Wi-Fi access networks but also when roaming across Wi-Fi and fourth generation (4G)/Long Term Evolution (LTE) infrastructure, because the subscriber session is anchored at the PGW or EPC.

Configuration Examples

This section explains how to configure PMIPv6 mobility-based SP Wi-Fi networks. The configuration examples provided in this section apply to all the deployment scenarios discussed in this document. The following figure is the network topology diagram for PMIPv6--Network-Based Mobility and it serves as a reference for all of the deployment scenarios discussed in this guide.

Prerequisites for PMIPv6 Network-Based Mobility Deployment

The following prerequisites for Cisco MAG implementation on Cisco ASR 1000 and Cisco ISR devices apply only to the scenarios discussed in this deployment guide:

The access technology that is supported on the access link shared with an MN is IEEE 802.11 a/b/g/n.

The service offered to an MN is IPv4-only; therefore, only IPv4 addresses are assigned to the MN.

The MAG and the MN are connected over an L2 network so that the MAG is aware of the MAC or hardware address of the MN.

The subnet-mask length for the IPv4 home address assigned to an MN must be a non-32-bit subnet mask; typically it is /24.

The transport network of the MAG, the intermediate router (IR), and the LMA is dual-stack; however, the MAG and LMA are connected over IPv6 transport.

Software and Hardware Details

The following table lists the software and hardware details required for deployment of PMIPv6 Network-based Mobility, and it serves as a reference for all of the deployment scenarios discussed in this guide.

Cisco APs

No configuration is required if Cisco light-weight Access Points (APs) are used. The light-weight APs function as plug-and-play network elements. They act as DHCP clients to the connected Wireless LAN Controller (WLC), which, in turn, acts as the DHCP server, and they download the required image and configuration from the WLC.

Cisco Wireless LAN Controller

No PMIPv6-specific configuration is required on the WLC. For information on configuring a Cisco WLC, see the Cisco Wireless LAN Controller Configuration Guide.

LMA Support for Cisco ASR 5000 Series Aggregation Services Routers

The following example shows how to configure an LMA in Cisco ASR 5000 Series Aggregation Services Routers:

MAG Support for Cisco ASR 1000 Series Aggregation Services Routers

The Cisco MAG feature supports various configuration options that enable the MAG to extract an MN profile. The following examples show how to enable MAG on Cisco ASR 1000 Series Aggregation Services Routers and Cisco Integrated Service Routers.

Configuring MN Profiles Locally on a MAG

This configuration option is used for proof of concept, laboratory demonstration, and testing. The following example shows how the MN profile is locally configured on the MAG, so that an external RADIUS server is not required. It is assumed that the MN MAC address or the DHCP client-identifier is already known and that it can be configured locally as the NAI.

Configuring a Default MN Profile on the MAG

The following is the simplest form of configuration; the MAG applies the default profile configured on the MAG access interface that connects with the MN. This form of configuration is useful for a proof of concept, laboratory demonstration, or testing, without requiring an external RADIUS server for extracting the MN's profile. When using the default profile, the MAG considers the Network Access Identifier (NAI) as the client's MAC address.

Configuring an MN Profile on the External RADIUS Server

In a typical commercial deployment, MN profiles are configured on a centralized external RADIUS server. The MAG extracts the MN profile based on the MN or subscriber RADIUS calling-station-id attribute, which is expected to be either the subscriber MAC address or the NAI carried via the DHCP client-identifier (DHCP option 61).

Configuring an MN Profile as a Combination of the External RADIUS Server and the Default Profile

Cisco MAG provides the flexibility to define MN profiles as a combination of the external RADIUS server configuration and the default profile configuration. This is useful in scenarios where a service provider (SP) must apply default profiles to the subscribers for whom there are no profiles defined on the external RADIUS server.

The MAG attempts to extract the MN profile from the external RADIUS server by sending an access-request message to the RADIUS server. If the access-request message times out or if the RADIUS server responds with an access-reject message, indicating that there is no profile for the requested MN, the MAG then applies the default profile configured on the MAG's access interface that connects to the MN.
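The lookup order described above, modelled in Python as an added example (not Cisco code or configuration). The names `resolve_profile` and `sample_lookup`, the LMA labels, the lower-casing of MAC addresses, and all sample identities are assumptions; tagging each result with its source lets an operator count how many sessions ran on the default profile because RADIUS rejected or timed out.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

class RadiusTimeout(Exception):
    """No RADIUS reply arrived for the access-request."""

@dataclass(frozen=True)
class MnProfile:
    nai: str  # identity the MAG uses for the MN
    lma: str  # LMA anchoring the session (hypothetical label)

@dataclass(frozen=True)
class Resolution:
    profile: Optional[MnProfile]
    source: str  # radius | default-after-reject | default-after-timeout | none

def calling_station_id(mac, dhcp_client_id):
    # Lookup key: the NAI carried in DHCP option 61 if present, else the MAC
    # (lower-cased here as an assumption so keys compare consistently).
    return dhcp_client_id if dhcp_client_id else mac.lower()

def resolve_profile(mac, dhcp_client_id, radius_lookup, default_lma=None):
    key = calling_station_id(mac, dhcp_client_id)
    reason = "reject"
    try:
        profile = radius_lookup(key)  # MnProfile on access-accept, None on access-reject
    except RadiusTimeout:
        profile, reason = None, "timeout"
    if profile is not None:
        return Resolution(profile, "radius")
    if default_lma is None:  # no default profile on the access interface
        return Resolution(None, "none")
    # Default profile: the MAG treats the client's MAC address as the NAI.
    return Resolution(MnProfile(mac.lower(), default_lma), f"default-after-{reason}")

# Constructed sample data: one RADIUS-side profile and one key that never gets a reply.
RADIUS_DB = {"alice@sp.example": MnProfile("alice@sp.example", "lma-retail")}
UNREACHABLE = {"0011.2233.4455"}

def sample_lookup(key):
    if key in UNREACHABLE:
        raise RadiusTimeout(key)
    return RADIUS_DB.get(key)

def summarize(events, default_lma):
    # Tally how each attach was resolved, so default-profile fallbacks stand out.
    return Counter(resolve_profile(m, c, sample_lookup, default_lma).source for m, c in events)

EVENTS = [("AABB.CC00.0001", "alice@sp.example"), ("AABB.CC00.0002", None), ("0011.2233.4455", None)]
```

A rising `default-after-timeout` count in such a tally points at RADIUS reachability rather than at subscribers without profiles, which matters because both cases end in the same default profile.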

Technical Assistance

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

For more information and support on PMIPv6, write us at: pmipv6-support@cisco.com

Glossary

CN--Correspondent Node. The device that the mobile node (MN) is communicating with, such as a web server. A correspondent node may either be mobile (for example, another mobile node [MN]), or be stationary (for example, a server).

LMA--Local Mobility Anchor. LMA is the home agent for the mobile node (MN) in a PMIPv6 domain. LMA is the topological anchor point for the MN's home network prefix and is the entity that manages the MN's binding state.

MAG--Mobile Access Gateway. MAG is a function on an access router that manages mobility-related signaling for an MN that is attached to its access link. The MAG is responsible for tracking MN movements to and from the access link.

NAI--Network Access Identifier. A NAI is the user identity submitted by the client during network access authentication. When roaming, the purpose of the NAI is to identify the user as well as to assist in the routing of the authentication request. The standard syntax is "user@realm" or as defined in RFC 4282.

MN--Mobile Node. MN is an IP host, an MN, or a router, whose mobility is managed by the network. The MN can be an IPv4-only node, IPv6-only node, or a dual-stack node. The MN is not required to participate in any IP mobility-related signaling for achieving mobility for an IP address that is obtained in that PMIPv6 domain.

PMIPv6 domain--Proxy Mobile IPv6 domain. A network where the mobility management of an MN is handled using the PMIPv6 protocol. The domain consists of network entities, such as MAGs and LMAs, between which Proxy Binding is maintained on behalf of the MNs.

PBU--Proxy Binding Update. PBU is the request message sent by a MAG to an LMA for establishing a binding between an MN's home network prefix and the MAG to which the MN is attached.

PBA--Proxy Binding Acknowledgement. PBA is the reply message from an LMA in response to a PBU from the MAG.
